Hyundai and Kia added official GrapheneOS support to their apps months before Volkswagen banned GrapheneOS:
https://t.co/k0egvK5SNw
Pressure from Volkswagen customers on them can achieve the same thing. There's no legitimate reason to ban GrapheneOS so they'll undo it with pressure.
Leave a 1 star review for Volkswagen's apps on the Play Store asking them to stop banning GrapheneOS. Explain it's a far more secure operating system and fully possible for them to verify the hardware, OS and their app on it if they insist on doing it. It's far more secure than anything they allow.
Google has misled companies about what the Play Integrity API provides. It doesn't genuinely enforce having a secure device or legitimate app, it only pretends to. It leaves huge security holes open. It enforces Google's business interests and bans having a reasonably secure device with GrapheneOS.
Most companies are unlikely to stop using the Play Integrity API but most are willing to start permitting GrapheneOS via hardware attestation with enough pressure.
In addition to every user of their app on GrapheneOS leaving a 1 star review on the Play Store, multiple other steps can be taken too.
Every GrapheneOS user with one of their cars using the app should file a customer support request. Keep answering them and countering the template responses. Escalate the request higher up. Tell them you want money back for the vehicle due to reduced functionality after the fact and insist on it.
They can trivially stop enforcing the anti-security and anti-competitive Play Integrity API or easily add hardware-based verification of GrapheneOS. Link to https://t.co/KC7xS0Nobe in the customer support request, but don't add any links to Play Store reviews to avoid filtering.
A bunch of apps have added explicit support for GrapheneOS due to pressure from our users. Our userbase is rapidly growing and we'll gain the ability to apply massive pressure to companies doing this. We plan to ship a feature for our Info app for people to opt-in to getting asked for their help.
GrapheneOS is a production quality OS from a non-profit paying around 15 people to work on it. It's far more secure than anything supported by the Play Integrity API. We have an official partnership with Motorola and we'll have more. Just counter template responses and insist on compensation or a fix.
Update: the App Review Board has confirmed that my Apple Developer account will not be terminated. Sparrow on macOS is safe.
Thank you to everyone who shared and reached out in the past 24 hours - I'm grateful. And credit to @Apple for reviewing the appeal and reaching the right outcome.
The deeper problem hasn't gone away: apps impersonating @SparrowWallet are still reaching users and putting their funds at risk. I'll keep working to protect people from those scams, and I hope to do so alongside @Apple.
Thank you all.
My attempt to protect users from scam apps on the @AppStore has gotten my Apple Developer account flagged for termination - ironically, for "dishonest activity".
Unless it's reversed by June 30, all new installs of Sparrow Wallet will fail, and development on macOS will end.
The context: since 2023, more than a dozen fake "Sparrow" apps have appeared on the App Store, as recently as April this year. Users have contacted me after losing their savings, in some cases their life savings, to these impersonators.
I'm the developer of the real Sparrow Wallet, a desktop app, and I hold the registered US trademarks for the name and logo. I have publicly warned @Apple and the community about these fake apps from early 2024, but they keep appearing.
The app @Apple flagged was a placeholder that was never published. Its only purpose was to warn users that Sparrow is desktop-only and that other "Sparrow" apps aren't mine. This approach may have been misguided, but there was nothing dishonest about it.
I'm confident this is an automated misclassification that Apple would reverse on review - but I may be terminated before a human ever looks at my appeal. The cost would fall on @Apple's own users: blocked installs and no updates for a tool people rely on, which opens the door for more fakes.
If you value Sparrow, a repost would help. @AppleSupport
We posted a thread on our Mastodon instance addressing the underhanded attacks being made on GrapheneOS by Volla due to our opposition to their Unified Attestation API:
https://t.co/v0wMt4iPr9
An account previously pretending to be a fan supporting Volla has been clearly exposed as run by them.
Despite how this account has previously posted, it began repeatedly posting on behalf of Volla and referring to themselves as being part of it. They referenced Volla contacting us half a year ago wanting a partnership with us which didn't go anywhere as they're unable to meet our requirements.
We've opposed Unified Attestation on very reasonable grounds which we've once again elaborated on in the linked thread after covering this. This account clearly run by Volla themselves has repeatedly posted outrageous conspiracy theories about GrapheneOS implying we're working for the US government.
We included links to a history of posts predating our opposition to Unified Attestation where they engage in false marketing of Volla products and try to convince people to use those over other options with inaccurate claims. That includes them replying to threads where people discussed GrapheneOS.
They were misleading people about GrapheneOS prior to us speaking of them. They're now attacking us in a super underhanded way because we oppose them seizing control over which devices and operating systems are allowed for European banking/government apps. Don't allow them to memory hole this.
The account is very clearly run by Volla, has openly acknowledged it and proven it with insider knowledge. We also have a very good idea of exactly who is running the account due to the writing style. These companies using sockpuppet accounts and personal accounts to attack us doesn't lessen it.
> Please stick to the facts.
We're sticking to the facts. You're posting baseless conspiracy theories about GrapheneOS:
https://t.co/FrVO6p6WMc
> It is legal to release and sell proprietary software like Apple and Google do.
>
> UnifiedAttestation is not proprietary software. It is planned to be fully open-source and freely available software (FOSS).
That's irrelevant. This has nothing to do with open source vs. closed source. It's anti-competitive because there's a cartel formed by companies selling products making a system which only permits their products. Those companies want many app developers to adopt their system to enforce only using the products it permits to stop people from having the freedom to use any hardware or software they choose.
> For an alternative to Google Play Integrity to succeed, it is necessary to attract developers who currently use Google Play Integrity. This, in turn, requires a system that enables verification and certification independent of OEMs and operating system manufacturers and is used by many of these manufacturers. A compatibility to these apps, that are currently not running on alternative Android operating systems, will increase the appeal of these alternatives.
Google Play Integrity API is quite clearly an illegal anti-competitive system. A lot of progress has been made towards regulators/legislators acknowledging this and acting upon it. Google engaging in illegal anti-competitive behavior doesn't justify other companies doing it. Making another illegal anti-competitive system is not a solution. GrapheneOS will not participate in a system which imposes arbitrary rules on what we're allowed to do under threat of having a large amount of app compatibility taken away. We will not give companies hostile towards GrapheneOS control over which apps can be used on it either. You do not have the right to do it. It is not legal for you to work with your competitors to make a system permitting your products but not everything else. This is clearly an anti-competitive cartel and it's illegal under EU law. You cannot be the ones making it or running it. The only way this is legal is for it to be done by a truly neutral organization where the companies making products aren't involved and don't have undue influence over it. It's entirely possible for this to be done by one or more neutral organizations using the existing Android hardware attestation API with the only new system being a way to fetch a list of what each organization allows.
> There will be no requirement for apps to use UnifiedAttestation. The goal is simply to ensure compatibility with apps that currently use Google Play Integrity.
Apps are not required to adopt the Play Integrity API, but that doesn't change that it's an illegal anti-competitive system. Each app adopting it is participating in illegal suppression of an open market where anyone is free to participate. Unified Attestation will be no different. GrapheneOS is not free to participate in Unified Attestation because it's illegal and because the companies involved have been incredibly hostile towards us with years of underhanded attacks on GrapheneOS.
You're pushing for apps to adopt it. It coincides with efforts by multiple parts of the EU to force certification systems for using banking/government apps. You claim that it won't be required but it's clear that it will be required if it gains widespread adoption. You're building a system for future abuse by the EU to control what people are allowed to use on their devices. With no demand for you to build it, you're making a system enabling a police state to control people.
> It is therefore the exact opposite of a restriction on competition or a cartel. It is an initiative for an open standard that even goes beyond Android.
It's irrelevant whether the code is open source. Google could publish the entirety of the Google Play Integrity code with no change in how illegal it is. They don't require any apps to adopt it which doesn't make it legal. With the Play Integrity API, Google is abusing their market position to lock people into their products. With Unified Attestation, multiple companies forming a significant part of a specific niche market space have formed a cartel to permit their products while locking out others. Both of these things are violations of the law. Engaging in this kind of anti-competitive behavior is not legal. Telling us that we're invited to join an illegal cartel doesn't make it any less illegal. We won't be participating and you must not ban using GrapheneOS or we'll be filing a lawsuit against all of the companies involved.
> The consortium is currently informal and still in the formal founding process. Graphene OS is invited to help shape UnifiedAttestation, just as we have invited Graphene OS in the past to collaborate and partner with us regarding your operating system and our hardware.
GrapheneOS will not participate in an illegal anti-competitive cartel. GrapheneOS also isn't going to support bottom of the barrel MediaTek hardware. You've just made a bunch of inaccurate attacks on GrapheneOS on Mastodon making the outrageous claim that it must be part of a US conspiracy aimed at harming European companies.
> Volla OS is not based on Lineage OS, but on AOSP. It is true that Volla OS uses elements from Lineage OS and other free open source projects. In addition, it includes our own services and apps.
Okay, and what's your point? GrapheneOS isn't based on LineageOS either. Both /e/ and iodéOS are based on LineageOS. It doesn't change anything about Unified Attestation being anti-competitive.
> As an OEM, we have full access to all levels of the firmware, which we carefully review, clean up, and harden. This makes a difference.
Your devices are white labelled products from an ODM partner. We can have a company make devices which are branded as GrapheneOS devices too. We've had numerous opportunities to do so. We aren't interested in having bottom of the barrel MediaTek SoC devices failing to meet our official security requirements. That's why we haven't taken up any of these partnership offers or paid an ODM to make devices for us.
> Maintaining our operating system includes updates to the kernel and device drivers, AOSP, and all other components.
You don't provide proper updates to the kernel, drivers, firmware or AOSP. You provide the standard partial backports to older releases of Android. Linux kernel updates are far more frequent and involve far more than what Android lists, as do the overall Android updates and driver/firmware updates. /e/ and iodéOS do much worse than you along with misleading users about it, yet they're a core part of this initiative. They've consistently set a fake Android security patch level and yet they're going to have control over what's permitted.
> This commitment is verifiable through the publication of our source code. Through UnifiedAttestation, we aim to demonstrate the system’s security via an independent third party as well as through transparent, public testing procedures and test reports.
Unified Attestation has nothing to do with security and a legitimate security review with reasonable standards would not permit these products or most Android devices. Play Integrity API is not about security and neither is your system. These are anti-competitive systems which enforce only using products from certain companies for the benefit of those companies.
> UnifiedAttestation is an initiative born from the realization that, despite competition, collaboration on shared challenges makes sense. It is good that there is not just a single provider of an alternative operating system. It is a sign of a relevant market.
Collusion between companies which are supposed to be competing with each other to lock out other participants from the market with a system only permitting the products of the companies participating in it is not an innocent form of collaboration. It's an illegal anti-competitive cartel.
> Let’s bring great products to market! You, Volla and all the other players.
You're welcome to make products which you claim are in the same space and competing with us. You aren't welcome to form an anti-competitive cartel where GrapheneOS devices will be forbidden due to our lack of participation. That's illegal and we'll file a lawsuit against you.
@mainlinedbutter The post you've linked is absolutely not valid critique but rather blatant fabrications and misrepresentations. We thoroughly debunked it with detailed factual information at https://t.co/uAbf0bCvL3. The stuff they're claiming doesn't make logical sense and is likely AI slop.
@mainlinedbutter Your support for highly inaccurate attacks on the GrapheneOS project and our team by organizations who feel threatened by it is what's shameful. You're even supporting the ongoing personal attacks on our team with fabricated stories. You're lying about what we've said and done.
@mainlinedbutter You follow an obscure account @TeleviziaSTB made by one of the people involved in the attacks on GrapheneOS with @TheVancedGamer coordinated in his semi-public Telegram group we've been monitoring. You aren't an uninvolved person who was interested in GrapheneOS as you claim.
you see graphene way stuff like "these companies are working on coordinated campaigns discrediting us" and it sounds like schizoposting, and then you look into it and it's all true. like yeah that's straight up a volla alt saying graphene is funded by the US gov, just lying